In the process of researching breach reports submitted to HHS, DataBreaches came across a public notice for an incident affecting Primary Health & Wellness Center, LLC in Maryland. The covered entity is to be commended for the details and transparency in their notice, although they do not name the threat actor/group involved or any details of any ransom demand received. DataBreaches.net has not found this incident claimed by any ransomware group as yet. The incident was reported to HHS on December 17 as affecting 4,792 patients.
Public Notice
Published in The Baltimore Sun on December 20, 2023
Location
Baltimore County, Maryland
Notice Text
Patient HIPAA Notice Regarding Protected Health Information
Primary Health & Wellness Center, LLC
On October 20, 2023, Primary Health & Wellness Center, LLC (PHWC) identified that its network server was encrypted with ransomware. The server contained medical records for patients from 2018 to present. The data included patient names, addresses, dates of birth, Social Security Numbers, and medical records.
In response to this incident, PHWC retained a computer forensics incident response team, and the FBI was also notified.
Upon information and belief, the threat actor variant was Phobos, and the threat actor was able to encrypt the server through remote desktop.
The remote access was disabled and secured, and no further vulnerabilities were identified. Following examination, no definitive indicators of exfiltration of patient data or protected health information were observed. In addition, threat actors utilizing the Phobos ransomware are not known to exfiltrate patient data.
Although PHWC has no evidence that any patient data or protected health information was acquired, exfiltrated, or misused for the purpose of committing fraud or identity theft, PHWC is writing to formally report the incident and to provide patients guidance on what they can do to help protect their data. To date, there has been no indication that any patient data or protected health information was improperly utilized by any person.
PHWC has also taken steps to ensure that similar incidents do not occur in the future. However, as a precautionary measure, patients should remain vigilant to protect against potential fraud or identity theft by, among other things, reviewing their account statements and monitoring credit reports closely. Individuals should promptly report any suspected fraudulent activity or identity theft to proper law enforcement authorities. Patients may also wish to review the tips provided by the Federal Trade Commission on fraud alerts, security/credit freezes, and steps that they can take to avoid identity theft. PHWC is fully committed to the preservation of the confidentiality and security of patient data.
We take our responsibilities pursuant to the Health Information Portability and Accountability Act and the Maryland Confidentiality of Medical Records Act very seriously, and we genuinely apologize for this incident and inconvenience. If you have any questions or concerns regarding this matter, additional information is available via a confidential, toll-free inquiry line at 888-721-8267 from 9:00 a.m. to 9:00 p.m. Eastern Standard Time, Monday through Friday.